On 04/23/2017 04:52 AM, chiru r wrote:
Thank you for your reply.
I agree, However we are planning, users not to have any direct
privileges on database objects or default roles(like
SUPERUSER,CREATEDB,REPLICATION..etc) in postgres.
looking to create users(LOGIN) only and Grant all the privileges through
roles like below.
*Steps: *
Create User
Create role
GRANT required privileges/default attributes(SUPERUSER,REPLICATION etc)
to Role
GRANT role to Users.
Yes, but in your original setup:
postgres=#
postgres=# create user backup_admin password 'XXXXX';
CREATE ROLE
postgres=# create role dba_admin SUPERUSER REPLICATION;
CREATE ROLE
postgres=# grant dba_admin to backup_admin;
GRANT ROLE
postgres=# alter user backup_admin set role to dba_admin;
ALTER ROLE
the practical effect is to have a user(backup_admin) with SUPERUSER
REPLICATION attributes every time they logged in(the exception being in
the pg_basebackup case, as well as other commands that follow the same
path). Not sure how that is different from just setting up a user with
the REPLICATION attribute.
So,If I follow above process I am not able to do pg_basebackup.
Now I have only options left either I have to use postgres user or
create a user directly with replication role(Which we are not interested
in).
In future is there possibility to allow a user(using above steps) to do
pg_basebackup?.
Thanks,
Chiru
--
Adrian Klaver
adrian.klaver@xxxxxxxxxxx
--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
